1

Module 5

Audit Execution
Evidence gathering, evaluation and objective evidence
Audit findings
NCs and NC writing
Audit Reporting

Copyright 2012 BSI. All rights reserved.

1
 2
Audit Execution

The opening meeting

The audit process
Gather information
Verify (audit evidence)
Compare evidence against audit criteria (audit findings)
Evaluate findings (audit conclusions)
The closing meeting

Copyright 2012 BSI. All rights reserved.

2
 3
The Opening Meeting

Introductions record
Objective, Scope, issue status of Documentation, (DQS)
Review audit programme
Guides
Logistics
Reporting methods
Confidentiality
Sample
Restrictions?
Clarification?

Copyright 2012 BSI. All rights reserved.

3
 4
Audit Party

Auditor
Guide
Department representative
Auditee
Observers: auditee director, trainee auditor, auditor
Interpreter
Consultant

Copyright 2012 BSI. All rights reserved.

4
 5
Conduct of the Audit

Enter the area

Introductions by guide
Explain what you want to see
Investigate to the depth necessary
No problems found, move on
Dont keep on auditing until problems are found

Copyright 2012 BSI. All rights reserved.

5
 6
Control of Audit

Checklist is a servant not a master

If potential audit trails appear, decide
Disregard
Note for later
Follow up immediately
Might affect the sample size
Might affect the audit programme

Copyright 2012 BSI. All rights reserved.

6
 7
Open Questions

Tell me
Who (does it)
What (is done)
Where (is it done)
Why (is it done)
When (does it get done)
How (is it done; often is it done)
Show me

Copyright 2012 BSI. All rights reserved.

7
 8
Questions

Dont waste time by asking

Unrelated questions
Rhetorical questions
Too many closed questions
Do ask open questions

Copyright 2012 BSI. All rights reserved.

8
 9
Note Taking

Recording the objective evidence

Admissible statements
Document numbers and issue/revision levels
Identifiers
Departments
Name of auditee

Copyright 2012 BSI. All rights reserved.

9
 1
Note Taking 0

Notes could be used as reference for

Immediate investigation
Investigation later
Use by a colleague
Subsequent audits
Notes must therefore be
Legible
Retrievable
Sufficiently detailed

Copyright 2012 BSI. All rights reserved.

10
 1
Note Taking 1

Notes taken during an audit are a record of

The audit sample taken
What was reported
What was observed
Notes may be referenced by subsequent auditors

Copyright 2012 BSI. All rights reserved.

11
 1
Verification 2

Random basis
Chosen by the auditor
Permission sought
Establish and agree the facts
Remain objective
Always be polite

Copyright 2012 BSI. All rights reserved.

12
 1
Nonconformity 3

Non-fulfilment of a requirement
Specified requirements
Conditions of contract
Quality standard
Requirements of QMS (both documented and undocumented
Legal regulatory requirements

Copyright 2012 BSI. All rights reserved.

13
 1
Nonconformity 4

1. QMS is not conforming with the quality standard (intent)

2. Practice is not in line with the intent (implementation)
3. Practice is not effective
(effectiveness)

Copyright 2012 BSI. All rights reserved.

14
 1
Establish the Facts 5

Get help from the auditee

Discuss concerns
Verify the information
Record all the evidence
Exact observation
Where, what, etc...
Establish why a nonconformity or otherwise
State who (if relevant) preferably by job title

Copyright 2012 BSI. All rights reserved.

15
 1
6
Writing Statements of Nonconformity

Use auditees terminology

Make it retrievable
Must be factual
Make it complete
Make it concise

Copyright 2012 BSI. All rights reserved.

16
 1
Consider the Seriousness 7

Three questions to be answered

1. What could go wrong if the nonconformity remains uncorrected?
2. What is the likelihood of such a thing going wrong?
3. How likely is it to be detected if it did go wrong?

Copyright 2012 BSI. All rights reserved.

17
 1
Nonconformity 8
(BSI Terminology - Issue)

A single identified lapse, which would not in itself either lead to

nonconforming products or services being delivered, or (for EMS) raise
significant doubt as to the capability of the management system to
achieve the policy and objectives of the organization.

Copyright 2012 BSI. All rights reserved.

18
 1
Major Nonconformity (BSI Terminology - Nonconformity) 9

A breakdown in the management system to effectively control the

processes for which it was intended, or a situation where
nonconforming product or service would be delivered, or for (EMS), a
situation which would, on the basis of objective evidence, raise
significant doubt as to the capability of the management system to
achieve the policy and objectives of the organization.

scenarios

Copyright 2012 BSI. All rights reserved.

19
 2
Nonconformity Statement (1) 0

A project file was not available during the Audit.

Copyright 2012 BSI. All rights reserved.

20
 2
Nonconformity Statement (1) 1

Operational control procedure OP-01 Rev 3 requires that all

environmental monitoring records are available in the general
office.

Monitoring record for Noise Monitoring R-08 was unavailable

during the Internal Audit carried out on 1/12/2009.

Nonconformity to OP-01 Rev3 and ISO 14001-2004 clause 4.4.6

Copyright 2012 BSI. All rights reserved.

21
 2
Incident 2

During an audit of the personnel department the auditor asks how

the training regarding the environmental aspects and the
environmental management system are identified and provided. The
personnel manager replies that generally all are aware of
environment related problems and hence a formal training is not
required.

Copyright 2012 BSI. All rights reserved.

22
 2
Nonconformity 3

ISO 14001:2004 clause 4.4.2 requires that training

Are provided regarding the environmental aspects and the environmental
management system.

The personnel manager stated that only general awareness training is provided.

Copyright 2012 BSI. All rights reserved.

23
 2
Keep the Auditee Informed 4

For the audit to be constructive, helpful and professional

Review audit progress and findings regularly
Beat the grapevine or rumour mill
Generate rapport

Copyright 2012 BSI. All rights reserved.

24
 2
Ethos of Auditing 5

Positive approach
Aim to help improve system
Dont look for blame
Aid identification of solutions

Copyright 2012 BSI. All rights reserved.

25
 2
Judgement in the Audit Process 6

The auditee must be given the benefit of any doubt.

Copyright 2012 BSI. All rights reserved.

26
 2
Auditee Reactions 7

Enlisting help
Continual challenge
Volunteered information
Diversionary or time wasting tactics
Internal conflicts
Authority
Antagonism

Copyright 2012 BSI. All rights reserved.

27
 2
Review Meeting 8

The review meeting, normally 15 to 20 minutes in duration, may be

carried out at the end of each auditing day or at the beginning of next
auditing day, with either the management representative or guides to
Review any nonconformities
Resolve any problems
Report audit progress
Clarify any misunderstandings
Obtain signatures to any nonconformities

Copyright 2012 BSI. All rights reserved.

28
 2
Lead Auditors Responsibilities 9

Plan the audit and make effective use of resources

Represent the audit team in communications with the auditee
Organize and direct audit team members
Provide direction and guidance to auditors-in-training
Lead the audit team to reach the audit conclusions
Prevent and resolve conflicts
Prepare and complete the audit report

Copyright 2012 BSI. All rights reserved.

29
 3
Auditor Duties 0

Support the team leader

Prepare checklist
Arrive on time
Participate at opening meeting
Carry out assigned tasks
Keep to the timetable
Document all findings
Keep auditee informed
Assist team leader with reports
Safeguard all documents
Maintain confidentiality

Copyright 2012 BSI. All rights reserved.

30
 3
Audit Team Meetings 1

Item on the audit programme

Audit team only present
Controlled by team leader
Plan for closing meeting
Team leader prepares audit report
Finalize overall judgement on system
Team completes nonconformity reports
Team reviews nonconformity reports

Copyright 2012 BSI. All rights reserved.

31
 3
Overall Judgement on System 2

Conclusions to be drawn from all positive and

negative findings
Nonconformities
System intent
System implementation
System effectiveness
Strengths and weaknesses of departments
Strengths and weaknesses of the quality system

Copyright 2012 BSI. All rights reserved.

32
 3
Audit Follow-up Options 3

Evaluation of submitted corrective actions

Evaluation by continuing assessment visit
Partial re-audit
Full re-audit

Copyright 2012 BSI. All rights reserved.

33
 3
Audit Report 4

Audit reference Nonconformity reports

Auditee details Recommendation
Objective, scope, criteria Approval
Auditors names Circulation
Names of auditees principals Ensure confidentiality of
Audit programme report
Summary of findings (positive
& negative)

Copyright 2012 BSI. All rights reserved.

34
 3
Closing Meeting 5

Team Leader prepares and works to an agenda

and controls the meeting.

1 Attendees 6 Summary of findings

2 Thanks 7 Agreement
3 Objective/scope 8 Recommendation
4 Reporting system 9 Clarification
5 Limitations 10 Depart

Copyright 2012 BSI. All rights reserved.

35